Graphics Processing Units in Vulnerable Lane

    In the past, Graphics Processing Unit (GPU) drivers weren’t a typical target for system exploitation, but this has changed in recent years. Many computing applications, from desktop to server, require more graphics horsepower than ever before and, as such, discrete GPUs are more common than ever. Even laptops are often configured with high-performance GPUs instead of the basic CPU-embedded graphics chipsets of the past. Modern GPUs are highly complicated components requiring complex system drivers to maximize the GPU’s capability.

    As system complexity increases, so does the potential for finding a way to exploit the system. This effect is multiplied because GPU drivers usually run in the highest privilege ring of the system, kernel mode. This week, graphics chip maker Nvidia patched its drivers to fix two high-severity vulnerabilities as well as several lower-severity vulnerabilities.

    The first vulnerability patched by Nvidia this week relates to the Nvidia Control Panel component. This software is bundled as part of the Nvidia graphics driver package and allows for adjusting settings related to the graphics subsystem. The vulnerability, assigned CVE-2020-5962, allows a local attacker to corrupt critical system files, leading to denial of service or escalation of privileges. Little information is available about the vulnerability specifics, but systems running this software should be updated to prevent local attacks against the machine.

    CUDA is a subsystem in Nvidia drivers that allows for non-graphics use of the high-performance processing units for machine learning or artificial intelligence programs. These applications benefit greatly from the highly parallelized nature of graphics hardware and typically use high-end graphics cards for their processing. The second high-severity vulnerability, CVE-2020-5963, is in the CUDA component of the graphics driver. Again, little information is available about the specifics, but the issue appears to stem from a mistake in the access control of the inter-process communication (IPC) APIs. This vulnerability could lead to arbitrary code execution from a lower-privilege process in the context of a high-privilege process.

    Other Nvidia vulnerabilities patched this week are classified as medium severity. CVE-2020-5967 and CVE-2020-5965 appear to be similar vulnerabilities in Linux and Windows, respectively, which allow denial of service on the target system. CVE-2020-5964 and CVE-2020-5966 are exclusive to Windows systems and range in severity from denial of service to arbitrary code execution.

    As high-performance GPUs become more common in even basic systems, it is important to verify that your drivers are being updated in a timely fashion.